Routing and Switching Cisco Networking Academy Routing and Switching Essentials CSCO 1860 Case Study Copyright ~ 2003, Cisco Systems, Inc. Case Study: WANs 1-9 O Overview and Objectives This case study allows students fully Design a complex network using skills gained throughout the course but build and configure only a PROTOTYPE as seen in the following diagram. This case study is not a trivial task. To complete it as outlined with all required documentation will be a significant accomplishment. The case study scenario describes the project in general terms, and will explain why the network is being built. Following the scenario, the project is broken into a number of phases, each of which has a detailed list of requirements. It is important to read and understand each requirement to make sure that the project is completed accurately. The following tasks are required to complete this case study: Set up the physical layout of the network using the diagram and accompanying narrative Correctly configure single-area OSPF Correctly configure VLANs and 802.1q trunking Correctly configure routing Correctly configure DHCP Correctly configure NAT Create and apply access control lists (ACL’S) on the appropriate routers and interfaces Test and verify that all devices are operational and functioning according to the scenario guidelines and document Provide detailed documentation in a prescribed form as listed in the deliverables sections Copyright ~ 2003, Cisco Systems, Inc. Case Study: WANs 2-9 Scenario DCE S0/0 Internet (Use a PC/Server to simulate the internet 10.0.0.2/30) Galaway Galway Galway LAN 150 hosts G0/0 10.0.0.1/30 S0/0 S0/0 Cork Nat Outside 200.10.10.64/27 Nat Inside 172.16.0.0/22 G0/0 S0/1 DCE Belfast G0/1 S0/1 DCE S0/0 Limerick G0/0 VLA N 2 VLAN 3 VLAN 4 Cork VLANs 426 hosts (total) N VLA 99 Belfast LAN 50 hosts Limerick LAN 100 hosts OSPF 10 area 0 A company needs a network to be designed and implemented; the company has locations in four cities. All of the locations will be connected using leased-line (T1) serial links. The company has previously used RIP version 2; however, all four locations will use OSPF routing process. Also, default static route must be used to access the internet. One location, Cork, has a large and complex LAN. Due to the size and complexity, the company wants to create VLANs to control broadcasts, enhance security, and logically group users. The company also wants to use private addresses throughout the Autonomous System, DHCP over most of the LAN segments, Static and Dynamic NAT implemented for Internet connectivity. The company also wishes to limit Internet access to Web traffic and email while allowing multiple protocols (not all) within its own WAN. Although private addresses (RFC 1918) will be used, the company appreciates efficiency and address conservation in design. To minimize wasted address space, they have requested VLSM to be used when appropriate. Copyright ~ 2003, Cisco Systems, Inc. Case Study: WANs 3-9 Phase 1: Addressing the WAN & LANs DCE S0/0 Internet (Use a PC/Server to simulate the internet 10.0.0.2/30) Galaway Galway Galway LAN 150 hosts G0/0 10.0.0.1/30 S0/0 S0/0 Cork Nat Outside 200.10.10.64/27 Nat Inside 172.16.0.0/22 G0/0 Belfast S0/1 G0/1 DCE S0/1 DCE S0/0 Limerick G0/0 VLA N 2 VLAN 3 VLAN 4 Cork VLANs 426 hosts (total) Belfast LAN 50 hosts N VLA 99 Limerick LAN 100 hosts OSPF 10 area 0 Use the following instructions to complete Phase 1: Use 172.16.0.0/22 for internal addressing with IP subnet zero enabled. Apply /30 subnets on all serial interfaces, using the last available subnet. Assign an appropriately sized subnet for the Cork LAN, which has about 426 devices, one small VLAN (20 hosts) may be added in the future: - VLAN 99: 31 devices (Management VLAN) - VLAN 2: 120 hosts (R&D) - VLAN 3: 40 hosts (HR) - VLAN 4: 225 hosts (Production) Assign the appropriately sized subnet to the Limerick LAN (100 hosts). Assign an appropriately sized subnet for the Belfast LAN (50 Hosts). Assign an appropriately sized subnet for the Galway LAN (150 Hosts). Document all of the addressing in tables. ** Addresses will be assigned dynamically to the Cork LAN hosts (excluding VLAN 99); refer to the DHCP section of this document for details. Copyright ~ 2003, Cisco Systems, Inc. Case Study: WANs 4-9 Phase 2: Configuring Default Routes & OSPF Routing DCE S0/0 Internet (Use a PC/Server to simulate the internet 10.0.0.2/30) Galaway Galway Galway LAN 150 hosts G0/0 10.0.0.1/30 S0/0 S0/0 Cork Nat Outside 200.10.10.64/27 Nat Inside 172.16.0.0/22 G0/0 S0/1 DCE Belfast G0/1 S0/1 DCE S0/0 Limerick G0/0 VLA N 2 VLAN 3 VLAN 4 Cork VLANs 426 hosts (total) N VLA 99 Belfast LAN 50 hosts Limerick LAN 100 hosts OSPF 10 area 0 Use the following instructions to complete Phase 2: Configure each router with a hostname and required passwords. Configure each interface on all routers documented in Phase 1. Configure OSPF on all Routers (Galway, Cork, Limerick, and Belfast). Configure a Default Route on Galway and redistribute the route into the OSPF network. Verify that the Limerick, Belfast, Galway, and Cork routers have connectivity through Layers 1-7. Capture and save the four router configuration files. Edit the text files, and include comments at the top of each file documenting. This document will serve as deliverable for phase 2 Copyright ~ 2003, Cisco Systems, Inc. Case Study: WANs 5-9 Phase 3: Configuring VLANs DCE S0/0 Internet (Use a PC/Server to simulate the internet 10.0.0.2/30) Galaway Galway Galway LAN 150 hosts G0/0 10.0.0.1/30 S0/0 S0/0 Cork Nat Outside 200.10.10.64/27 Nat Inside 172.16.0.0/22 G0/0 Belfast S0/1 G0/1 DCE S0/1 DCE S0/0 Limerick G0/0 VLA N 2 VLAN 3 VLAN 4 Belfast LAN 50 hosts N VLA 99 Cork VLANs 426 hosts (total) Limerick LAN 100 hosts OSPF 10 area 0 Use the following instructions to complete Phase 3: 1. Apply the basic switch configuration Hostname, all 3 types of passwords (encrypted) and MOTD. 2. Configure the Cork Local Area Network switch as follows: Create and name three Data and one Management VLAN, for a total of 4 VLANs. - VLAN VLAN VLAN VLAN 99: Management (Native) 2: R&D 3: HR 4: Production. Assign ports: - Ports 1-2 to trunk mode (802.1Q) - Ports 3 to VLAN 99 - Ports 4-7 to VLAN 2 - Ports 8-11 to VLAN 3 - Ports 12-15 to VLAN 4 - Disable all unused ports Connect G0/0 on the Cork router to the switch S1, port G0/1 Connect one workstation per VLAN (for testing purposes). Phase six contains the instruction to configure DHCP (to be done at a later time) This documentation will serve as the deliverable item for Phase 3 Copyright ~ 2003, Cisco Systems, Inc. Case Study: WANs 6-9 Phase 4: Configuring ACLs DCE S0/0 Internet (Use a PC/Server to simulate the internet 10.0.0.2/30) Galaway Galway Galway LAN 150 hosts G0/0 10.0.0.1/30 S0/0 S0/0 Cork Nat Outside 200.10.10.64/27 Nat Inside 172.16.0.0/22 G0/0 Belfast S0/1 G0/1 DCE S0/1 DCE S0/0 Limerick G0/0 VLA N 2 VLAN 3 VLAN 4 Cork VLANs 426 hosts (total) Belfast LAN 50 hosts N VLA 99 Limerick LAN 100 hosts OSPF 10 area 0 Use the following instructions to complete Phase 4: 1. Configure an Extended ACL to filter traffic. The ACL should: Deny the Galway LAN FTP and HTTP access to VLAN 2 (HR network); allow all other traffic to all destinations within the Autonomous System. Setup WEB and FTP server at the HR VLAN to test your ACL 2. Configure a Standard ACL to filter traffic. The ACL should: Permit the HR (VLAN 3) and the Belfast LAN users access the Limerick LAN while denying all others. 3. Configure an Extended ACL On the Belfast Router. The ACL should: Allow IP traffic for TCP and ICMP sessions originating from the inside (established sessions) while denying IP traffic for sessions originating outside the network. 4. Use an ACL to control VTY access to all routers. The ACL should: Allow telnet session to all routers from the Management VLAN (VLAN 99) only; telnet from other networks should be denied Document the ACL configuration a chart. This will serve as the deliverable item for Phase 4. Copyright ~ 2003, Cisco Systems, Inc. Case Study: WANs 7-9 Phase 5: Configuring DHCP DCE S0/0 Internet (Use a PC/Server to simulate the internet 10.0.0.2/30) Galaway Galway Galway LAN 150 hosts G0/0 10.0.0.1/30 S0/0 S0/0 Cork Nat Outside 200.10.10.64/27 Nat Inside 172.16.0.0/22 G0/0 S0/1 DCE Belfast G0/1 S0/1 DCE S0/0 Limerick G0/0 VLA N 2 VLAN 3 VLAN 4 Cork VLANs 426 hosts (total) N VLA 99 Belfast LAN 50 hosts Limerick LAN 100 hosts OSPF 10 area 0 DHCP Services DHCP should provide services to the following LANs hosts: Galway LAN, Cork’s VLAN 2, VLAN 3 and VLAN 4 LANs DHCP should pass the following parameters to the hosts: IP address, Subnet Mask, Default Gateway, and DNS server (10.0.0.2) The Galway router will perform DHCP. Configure the Galway using the DHCP pools documented in Phase 1. Configure DHCP services on the Galway router as follows: Fa0/0 and sub-interfaces with the first useable address. Configure the DHCP pools on the Galway router. Exclude the first 10 IP addresses from each pool (to be used for printers and servers) Connect a workstation to G0/0 on Galway and VLANs 2-4 on the Cork LAN. Configure the workstation to obtain its IP address automatically. Recapture and save the Galway router configuration file. Edit the text file, and include comments. This documentation will serve as the deliverable item for Phase 5 Copyright ~ 2003, Cisco Systems, Inc. Case Study: WANs 8-9 Phase 6: NAT DCE S0/0 Internet (Use a PC/Server to simulate the internet 10.0.0.2/30) Galaway Galway Galway LAN 150 hosts G0/0 10.0.0.1/30 S0/0 S0/0 Cork Nat Outside 200.10.10.64/27 Nat Inside 172.16.0.0/22 G0/0 S0/1 DCE Belfast G0/1 S0/1 DCE S0/0 Limerick G0/0 VLA N 2 VLAN 3 VLAN 4 N VLA 99 Cork VLANs 426 hosts (total) Belfast LAN 50 hosts Limerick LAN 100 hosts OSPF 10 area 0 The Belfast router will perform NAT to allow the following: 1. Configure Static NAT to translate the public local IP address 200.10.10.1 to a private local IP address 172.16.X.X (the internal web server residing on the Belfast LAN) 2. Configure Dynamic NAT as follows: Define the NAT pool. The pool consists of public network address 200.10.10.64/27. Exclude first 10 addresses from this pool (to be use for servers, when required). Define an access control list, which will translate for all internal (172.16.0.0/22) addresses, and deny all other traffic. Establish dynamic source translation, specifying the NAT pool and the ACL defined in the previous steps. Specify the inside and the outside NAT interfaces. Change the default NAT timeout value to 120 seconds. 3. Connect a web server to Belfast’s G0/0 port to simulate an ISP server. Configure this sever with an IP address, subnet mask and a default gateway 4. Connect a web server to G0/1, configure the server with an IP address, subnet mask and a default gateway. NAT configurations and translations in a chart will serve as the deliverable item for deliverable item for Phase 6. Copyright ~ 2003, Cisco Systems, Inc. Case Study: WANs 9-9 Phase 7: Verification and Testing DCE S0/0 Internet (Use a PC/Server to simulate the internet 10.0.0.2/30) Galaway Galway Galway LAN 150 hosts G0/0 10.0.0.1/30 S0/0 S0/0 Cork Nat Outside 200.10.10.64/27 Nat Inside 172.16.0.0/22 G0/0 Belfast S0/1 G0/1 DCE S0/1 DCE S0/0 Limerick G0/0 VLA N 2 VLAN 3 VLAN 4 Cork VLANs 426 hosts (total) Belfast LAN 50 hosts N VLA 99 OSPF 10 area 0 Limerick LAN 100 hosts Use the following instructions to complete Phase 5: 1. Verify communication between various hosts in the network. Troubleshoot and fix any problems in the network until it works properly. Document the results of the tests in a table. 2. Recapture and save the router configuration files for all four routers. Edit the text files, and include comments at the top of each file documenting the following: – Your name – The date – CCNA4 Case Study – Final Router Configuration – The router name that corresponds to each file. This documentation, along with the completed tables from Phase 1, Phase 2, Phase 3, Phase4, Phase 5, Phase 6, and Phase 7, will serve as the final deliverable item for the case study. Copyright ~ 2003, Cisco Systems, Inc. Case Study: WANs 10-9 Phase 8: Verification and Testing DCE S0/0 Internet (Use a PC/Server to simulate the internet 10.0.0.2/30) Galaway Galway Galway LAN 150 hosts G0/0 10.0.0.1/30 S0/0 S0/0 Cork Nat Outside 200.10.10.64/27 Nat Inside 172.16.0.0/22 G0/0 Belfast S0/1 DCE G0/1 S0/1 DCE S0/0 Limerick G0/0 VLA N 2 VLAN 3 VLAN 4 Cork VLANs 426 hosts (total) N VLA 99 Belfast LAN 50 hosts Limerick LAN 100 hosts OSPF 10 area 0 Use the following instructions to complete Phase 4: 1. Configure an Extended ACL to filter traffic. The ACL should: Deny the Galway LAN FTP and HTTP access to VLAN 2 (HR network); allow all other traffic to all destinations within the Autonomous System. Setup WEB and FTP server at the HR VLAN to test your ACL 2. Configure a Standard ACL to filter traffic. The ACL should: Permit the HR (VLAN 3) and the Belfast LAN users access the Limerick LAN while denying all others. 3. Configure an Extended ACL On the Belfast Router. The ACL should: Allow IP traffic for TCP and ICMP sessions originating from the inside (established sessions) while denying IP traffic for sessions originating outside the network. 4. Use an ACL to control VTY access to all routers. The ACL should: Allow telnet session to all routers from the Management VLAN (VLAN 99) only; telnet from other networks should be denied Document the ACL configuration a chart. This will serve as the deliverable item for Phase 4 Copyright ~ 2003, Cisco Systems, Inc. Case Study: WANs 11-9 Case Study Deliverables Once the case study problem has been solved, the network has been successfully designed and the prototype implemented and tested, a final report must be provided to your instructor. This report will include thorough and well-organized documentation of the process. It is highly recommended that all tables be completed using a spreadsheet program such as Microsoft Excel. Cisco Network Designer, Visio or a paint program can be used for the network diagrams. Some of these tables and outputs should be used in your power point presentation The following items must be included in the final report and presentation: • Outline • Summary of the Company and Network Requirements • Discussion on the implementation of IP address and VLSM • Discussion on the implementation of Routing • Discussion on the implementation of VLANs, STP, and switches • Discussion on the physical layer design and equipment • Discussion on testing and verification strategies • Recommendations for future network upgrades • Logical Diagram • Physical Diagram • IP Addressing Table • Router Interface Table • Switch Table • Equipment Table including quantity, make and model (Routers & Switches ONLY) • Show Commands outputs to verify connectivity: show ip route, show ip ospf neighbors, show spanning-tree, show vlan, ping, telnet, etc. • Router Configurations • Switch Configuration The documentation should be complete and should contain enough information to allow a third party to properly install, configure and troubleshoot the network without requesting additional information. Copyright ~ 2003, Cisco Systems, Inc. Case Study: WANs 12-9